安全性修正

immense8342 · Feb 26, 2016 · 90d66f8 · 90d66f8
1 parent b73a369
commit 90d66f8
Show file tree

Hide file tree

Showing 3 changed files with 22 additions and 7 deletions.
diff --git a/app/m/weixin.php b/app/m/weixin.php
@@ -88,7 +88,7 @@ public function redirect_action()
 				{
 					if ($_GET['state'] == 'OAUTH')
 					{
-						HTTP::redirect('/m/weixin/authorization/?state=OAUTH&access_token=' . urlencode(base64_encode(serialize($access_token))) . '&redirect=' . urlencode($_GET['redirect']));
+						HTTP::redirect('/m/weixin/authorization/?state=OAUTH&access_token=' . urlencode(base64_encode(json_encode($access_token))) . '&redirect=' . urlencode($_GET['redirect']));
 					}
 					else
 					{
@@ -119,7 +119,7 @@ public function authorization_action()
 		{
 			if ($_GET['state'] == 'OAUTH')
 			{
-				$access_token = unserialize(base64_decode($_GET['access_token']));
+				$access_token = unserialize(json_decode($_GET['access_token']));
 			}
 			else
 			{

diff --git a/system/Services/BBCode.php b/system/Services/BBCode.php
@@ -41,16 +41,31 @@ private function _u_callback($match)
 
 	private function _url_callback($match)
 	{
+		if (substr($match[1], 0, 4) != 'http')
+		{
+			return $match[1];
+		}
+
 		return "<a href=\"$match[1]\" rel=\"nofollow\" target=\"_blank\">$match[1]</a>";
 	}
 
 	private function _link_callback($match)
 	{
+		if (substr($match[1], 0, 4) != 'http')
+		{
+			return $match[2];
+		}
+
 		return "<a href=\"$match[1]\" rel=\"nofollow\" target=\"_blank\">$match[2]</a>";
 	}
 
 	private function _img_callback($match)
 	{
+		if (substr($match[1], 0, 4) != 'http')
+		{
+			return $match[1];
+		}
+
 		return "<img src=\"$match[1]\" />";
 	}
 
@@ -99,7 +114,7 @@ public function __construct()
         $this->bbcode_table["/\[i\](.*?)\[\/i\]/is"] = '_i_callback';
 
         // Replace [quote]...[/quote] with <blockquote><p>...</p></blockquote>
-        $this->bbcode_table["/\[quote\]\n*(.*?)\n*\[\/quote\]/is"] = '_quote_callback';
+        $this->bbcode_table["/\[quote\](.*?)\[\/quote\]/is"] = '_quote_callback';
 
         // Replace [size=30]...[/size] with <span style="font-size:30%">...</span>
         $this->bbcode_table["/\[size=(\d+)\](.*?)\[\/size\]/is"] = '_size_callback';
@@ -162,4 +177,4 @@ public function parse($text, $escapeHTML = false, $nr2br = false)
 
         return $text;
     }
-}
+}
diff --git a/system/core/user.php b/system/core/user.php
@@ -32,10 +32,10 @@ public function __construct()
 
 			if ($sso_user_login['user_name'] AND $sso_user_login['password'] AND $sso_user_login['uid'])
 			{
-				if (AWS_APP::model('account')->check_hash_login($sso_user_login['user_name'], $sso_user_login['password']))
+				if ($user_info = AWS_APP::model('account')->check_hash_login($sso_user_login['user_name'], $sso_user_login['password']))
 				{
-					AWS_APP::session()->client_info['__CLIENT_UID'] = $sso_user_login['uid'];
-					AWS_APP::session()->client_info['__CLIENT_USER_NAME'] = $sso_user_login['user_name'];
+					AWS_APP::session()->client_info['__CLIENT_UID'] = $user_info['uid'];
+					AWS_APP::session()->client_info['__CLIENT_USER_NAME'] = $user_info['user_name'];
 					AWS_APP::session()->client_info['__CLIENT_PASSWORD'] = $sso_user_login['password'];
 
 					return true;